Date:      Fri, 09 Jan 2009 20:26:56 +0100
From:      Attila Nagy <bra@fsn.hu>
To:        Adrian Chadd <adrian@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r186955 - in head/sys: conf netinet
Message-ID:  <4967A500.30205@fsn.hu>
In-Reply-To: <200901091602.n09G2Jj1061164@svn.freebsd.org>
References:  <200901091602.n09G2Jj1061164@svn.freebsd.org>

Hello,

Adrian Chadd wrote:
> Author: adrian
> Date: Fri Jan  9 16:02:19 2009
> New Revision: 186955
> URL: http://svn.freebsd.org/changeset/base/186955
>
> Log:
>   Implement a new IP option (not compiled/enabled by default) to allow
>   applications to specify a non-local IP address when bind()'ing a socket
>   to a local endpoint.
>   
>   This allows applications to spoof the client IP address of connections
>   if (obviously!) they somehow are able to receive the traffic normally
>   destined to said clients.
>   
>   This patch doesn't include any changes to ipfw or the bridging code to
>   redirect the client traffic through the PCB checks so TCP gets a shot
>   at it. The normal behaviour is that packets with a non-local destination
>   IP address are not handled locally. This can be dealt with some IPFW hackery;
>   modifications to IPFW to make this less hacky will occur in subsequent
>   commits.
>   
>   Thanks to Julian Elischer and others at Ironport. This work was approved
>   and donated before Cisco acquired them.
>   
>   Obtained from:	Julian Elischer and others
>   MFC after:	2 weeks
>   
Wouldn't it be better to implement existing interfaces for that?
OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS:
http://marc.info/?l=openbsd-cvs&w=2&r=1&s=bindany&q=b



